Malware Patrol Intelligence



This Malware Patrol Connector ingests threat intelligence data from seven Malware Patrol feeds. The connector definition file maps the data from each of those feeds to ThreatQ-specific indicators and their related attributes. Threat intelligence data from the following seven feeds is ingested into ThreatQ:

  • Sinkhole IP Addresses Data Feed
  • Malware URLs (Sanitized)
  • Command and Control Server Addresses (Sanitized)
  • Malware Hashes l Malicious IP Addresses
  • Real Time DDoS Attacks
  • Domains Generated via DGA
  • Phishing
  • Anti Mining

Malware Patrol

We are a team of threat data experts based in the USA and Brazil. Our history is one of community spirit and dedication to internet security that began in 2005 when a group began sharing malicious links through a simple mailing list.

Over a decade of collecting, analyzing, and sharing data has allowed us to develop an extensive network of sensors, sharing agreements, and community contributors, the result of which is our vast database of unique and historically rich – “intelligent” – threat data.

Malware Patrol’s indicators of compromise (IOCs) are now used by thousands to protect networks and assets in more than 175 countries. To respect the time and resource limitations faced by information security professionals, automated systems verify each IOC in our lists every day to ensure that our feeds contain only active threats. To maximize our data’s coverage, we are continually updating the technology we use to scour the Internet for the latest malicious campaigns.

Enterprise Threat Data Feeds

A wide range of IOC feeds for security enterprises and researchers, available for individual purchase: malware samples, malicious IPs, C2s, cryptomining sites, newly registered domains and more. For those with specific data or ingestion requirements, we can fully customize feed contents and formats at no additional cost.